fix secure

This commit is contained in:
Justiks 2025-02-20 11:02:23 +03:00
parent 11d757ec5b
commit 049447a31a
3 changed files with 25 additions and 26 deletions

.idea/workspace.xml generated

@ -4,15 +4,10 @@
<option name="autoReloadType" value="SELECTIVE" /> <option name="autoReloadType" value="SELECTIVE" />
</component> </component>
<component name="ChangeListManager"> <component name="ChangeListManager">
<list default="true" id="067ac1f0-be04-4fe4-85c6-f870334053b8" name="Changes" comment="AUTHORIZATION WORK!"> <list default="true" id="067ac1f0-be04-4fe4-85c6-f870334053b8" name="Changes" comment="create new endpoints (employee edit)">
<change afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" /> <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" /> <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AuthController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/AuthController.java" afterDir="false" /> <change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/EmployeeController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/controller/EmployeeController.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/repository/EmployeeRepository.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/repository/EmployeeRepository.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/service/EmployeeService.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/service/EmployeeService.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/example/nto/service/impl/EmployeeServiceImpl.java" afterDir="false" />
</list> </list>
<option name="SHOW_DIALOG" value="false" /> <option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" /> <option name="HIGHLIGHT_CONFLICTS" value="true" />
@ -40,7 +35,7 @@
</component> </component>
<component name="PropertiesComponent"><![CDATA[{ <component name="PropertiesComponent"><![CDATA[{
"keyToString": { "keyToString": {
"Application.App.executor": "Debug", "Application.App.executor": "Run",
"Maven.NTO-2024 [org.apache.maven.plugins:maven-clean-plugin:3.1.0:clean].executor": "Run", "Maven.NTO-2024 [org.apache.maven.plugins:maven-clean-plugin:3.1.0:clean].executor": "Run",
"RunOnceActivity.ShowReadmeOnStart": "true", "RunOnceActivity.ShowReadmeOnStart": "true",
"RunOnceActivity.git.unshallow": "true", "RunOnceActivity.git.unshallow": "true",
@ -154,7 +149,15 @@
<option name="project" value="LOCAL" /> <option name="project" value="LOCAL" />
<updated>1739978089147</updated> <updated>1739978089147</updated>
</task> </task>
<option name="localTasksCounter" value="8" /> <task id="LOCAL-00008" summary="create new endpoints (employee edit)">
<option name="closed" value="true" />
<created>1740037639602</created>
<option name="number" value="00008" />
<option name="presentableId" value="LOCAL-00008" />
<option name="project" value="LOCAL" />
<updated>1740037639602</updated>
</task>
<option name="localTasksCounter" value="9" />
<servers /> <servers />
</component> </component>
<component name="VcsManagerConfiguration"> <component name="VcsManagerConfiguration">
@ -165,7 +168,8 @@
<MESSAGE value="websecurity configs" /> <MESSAGE value="websecurity configs" />
<MESSAGE value="промежуточные итоги :skull:" /> <MESSAGE value="промежуточные итоги :skull:" />
<MESSAGE value="AUTHORIZATION WORK!" /> <MESSAGE value="AUTHORIZATION WORK!" />
<option name="LAST_COMMIT_MESSAGE" value="AUTHORIZATION WORK!" /> <MESSAGE value="create new endpoints (employee edit)" />
<option name="LAST_COMMIT_MESSAGE" value="create new endpoints (employee edit)" />
</component> </component>
<component name="XDebuggerManager"> <component name="XDebuggerManager">
<breakpoint-manager> <breakpoint-manager>
@ -190,16 +194,6 @@
<line>70</line> <line>70</line>
<option name="timeStamp" value="26" /> <option name="timeStamp" value="26" />
</line-breakpoint> </line-breakpoint>
<line-breakpoint enabled="true" type="java-line">
<url>file://$PROJECT_DIR$/src/main/java/com/example/nto/websecurity/WebSecurityConfig.java</url>
<line>49</line>
<option name="timeStamp" value="40" />
</line-breakpoint>
<line-breakpoint enabled="true" type="java-line">
<url>file://$PROJECT_DIR$/src/main/java/com/example/nto/controller/AdminController.java</url>
<line>79</line>
<option name="timeStamp" value="41" />
</line-breakpoint>
</breakpoints> </breakpoints>
</breakpoint-manager> </breakpoint-manager>
</component> </component>


@ -12,6 +12,8 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.annotation.security.RolesAllowed;
@Controller @Controller
@RequestMapping("/api/admin/") @RequestMapping("/api/admin/")
public class AdminController { public class AdminController {
@ -58,20 +60,20 @@ public class AdminController {
* Такой же метод, как и getEmployeeInfo, только для админов по логину * Такой же метод, как и getEmployeeInfo, только для админов по логину
* @return * @return
*/ */
@PreAuthorize("hasAnyRole('ADMIN')") @RolesAllowed("ADMIN")
@GetMapping("/{value}/info") @GetMapping("/{value}/info")
public Employee getEmployeeInfoAdmin(@PathVariable String value) { public Employee getEmployeeInfoAdmin(@PathVariable String value) {
return employeeService.getEmployeeInfoById(Long.parseLong(value)); return employeeService.getEmployeeInfoById(Long.parseLong(value));
} }
@PreAuthorize("hasAnyRole('ADMIN')") @RolesAllowed("ADMIN")
@DeleteMapping("/employee/delete/") @DeleteMapping("/employee/delete/")
public ResponseEntity<String> deleteEmployee(@RequestBody DeleteEmployeeRequest deleteEmployeeRequest) { public ResponseEntity<String> deleteEmployee(@RequestBody DeleteEmployeeRequest deleteEmployeeRequest) {
employeeService.deleteEmployee(deleteEmployeeRequest.id); employeeService.deleteEmployee(deleteEmployeeRequest.id);
return ResponseEntity.status(HttpStatus.OK).build(); return ResponseEntity.status(HttpStatus.OK).build();
} }
@PreAuthorize("hasRole('DOLBOEB')") @RolesAllowed("ADMIN")
@PutMapping("/employee/update/login/") @PutMapping("/employee/update/login/")
public ResponseEntity<String> updateEmployeeLogin(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) { public ResponseEntity<String> updateEmployeeLogin(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
@ -81,14 +83,14 @@ public class AdminController {
return ResponseEntity.status(HttpStatus.OK).build(); return ResponseEntity.status(HttpStatus.OK).build();
} }
@PreAuthorize("hasAnyRole('ADMIN')") @RolesAllowed("ADMIN")
@PutMapping("/employee/update/avatar/") @PutMapping("/employee/update/avatar/")
public ResponseEntity<String> updateEmployeeAvatar(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) { public ResponseEntity<String> updateEmployeeAvatar(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
employeeService.updateEmployeeAvatar(updateEmployeeRequest.id, updateEmployeeRequest.field); employeeService.updateEmployeeAvatar(updateEmployeeRequest.id, updateEmployeeRequest.field);
return ResponseEntity.status(HttpStatus.OK).build(); return ResponseEntity.status(HttpStatus.OK).build();
} }
@PreAuthorize("hasAnyRole('ADMIN')") @RolesAllowed("ADMIN")
@PutMapping("/employee/update/position/") @PutMapping("/employee/update/position/")
public ResponseEntity<String> updatePosition(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) { public ResponseEntity<String> updatePosition(@RequestBody UpdateEmployeeRequest updateEmployeeRequest) {
employeeService.updateEmployeePosition(updateEmployeeRequest.id, updateEmployeeRequest.field); employeeService.updateEmployeePosition(updateEmployeeRequest.id, updateEmployeeRequest.field);
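Review bot: The `@RolesAllowed("ADMIN")` annotations that replace `@PreAuthorize` on each admin method are JSR-250 annotations, and as far as the WebSecurityConfig hunk in this same commit shows, method security is enabled with only `securedEnabled` and `prePostEnabled`, so these annotations are most likely not processed at all and the only guard left on these endpoints is the URL rule for `/api/admin/**`. An annotation that works with the flags already set is `@Secured("ROLE_ADMIN")` (or simply keeping `@PreAuthorize("hasRole('ADMIN')")`); otherwise JSR-250 support has to be switched on in the config. Separately, `getEmployeeInfoAdmin` calls `Long.parseLong(value)` on the raw path variable, so a request like `/api/admin/abc/info` ends in an uncaught NumberFormatException; declaring it as `@PathVariable long value` lets Spring reject non-numeric ids with a 400 instead. The AdminController class continues outside the hunk.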


@ -10,6 +10,7 @@ import org.springframework.context.annotation.DependsOn;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@ -23,6 +24,7 @@ import java.util.List;
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired @Autowired
@ -78,6 +80,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.csrf().disable() .csrf().disable()
.authorizeRequests() .authorizeRequests()
.antMatchers("/api/login/").permitAll() .antMatchers("/api/login/").permitAll()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.anyRequest().authenticated() .anyRequest().authenticated()
.and() .and()
.formLogin().permitAll() .formLogin().permitAll()
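Review bot: The new `@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)` does not enable JSR-250 processing, so the `@RolesAllowed` annotations this commit introduces in AdminController are not enforced; the line should read `@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true)`. The added `.antMatchers("/api/admin/**").hasRole("ADMIN")` rule does match the controller's `/api/admin/` mappings, so the endpoints are not open today, but the method-level layer should be a real second check rather than a decorative one. This chain also keeps `.csrf().disable()` next to `.formLogin()`, which appears to be session-based login; if browsers hit these admin PUT/DELETE endpoints with that session, they are reachable by cross-site requests, so CSRF protection should be re-enabled or the API moved to a stateless token scheme. The `configure(HttpSecurity)` method starts and ends outside the hunk.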